Skill v1.0.0

ClawScan security

my_skill · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 2, 2026, 9:41 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's stated purpose (setting up and using the 1Password CLI) mostly matches what it does, but SKILL.md requires tmux and captures tmux pane contents without declaring tmux as a dependency, and the capture step can expose any secrets printed to the pane. Review these inconsistencies and the data-exposure risk before installing.
Guidance
This skill appears to do what it says (install and run the 1Password CLI), but there are two things to check before installing.

(1) The runtime instructions require tmux, yet the skill does not declare tmux as a required binary. If you plan to use it, make sure tmux is available and ask for the skill metadata to list tmux as a dependency.

(2) The sample flow captures tmux pane output (tmux capture-pane), which can accidentally include secrets printed by the commands run in that pane, and the skill shows no filtering or sanitization of what is captured. Ask the publisher to (a) declare tmux as a required binary, (b) avoid capturing raw pane output that may contain secrets, or explicitly filter and redact it, and (c) document how captured output is used and where it may be stored or displayed.

Also verify that you trust the Homebrew 1password-cli formula, and only run these automated flows interactively: do not allow unattended sign-ins without reviewing the outputs. If you are uncomfortable with these issues, run the official 1Password CLI manually instead of using this skill.

Review Dimensions

Purpose & Capability
note: Name and description align with the behavior: the skill installs and uses the 1Password CLI (op) and provides sign-in/read/inject examples. The brew install of the official 1password-cli formula is proportionate. However, the runtime instructions mandate tmux usage (fresh socket and session) while tmux is not listed under required binaries; that mismatch should be corrected or justified.
Instruction Scope
concern: SKILL.md instructs creating a fresh tmux session, sending keys (op signin, op whoami, op vault list), capturing the tmux pane output, and then killing the session. The capture (capture-pane -p -J -S -200) prints the last 200 lines of scrollback, so anything a command printed there is included, such as the session-export line op signin emits or secret values returned by the read/inject examples; the skill includes no filtering or explicit safeguards for what is captured. The instruction to "Never run op outside tmux" and to always use a dedicated socket is a reasonable operational constraint, but it expands the agent's scope to managing TTY and socket state, which is not declared in the requirements.
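The guidance above asks for a declared tmux dependency and for redaction of captured pane output; the flow described in this dimension shows where that capture happens. The following is an added example, not the skill's own code, of how such a wrapper could look: it checks the required binaries up front, runs the commands in a fresh tmux session on a dedicated socket, and passes the capture through a redaction filter before anything is returned. The redaction patterns (the `export OP_SESSION_*=` line, `OP_SERVICE_ACCOUNT_TOKEN=`, `ops_`-prefixed tokens, and `password:`/`secret=`-style pairs) are assumptions about what might appear in the pane, and the socket-directory lookup order is an assumption modelled on the env vars the skill mentions.

```shell
#!/bin/sh
# Added example (not the skill's code): run op inside a dedicated tmux socket,
# capture the pane, and redact secret-looking values before the text is
# stored or handed to an agent.

# Fail early if a required binary is missing, so the tmux dependency is
# enforced explicitly instead of discovered mid-flow.
require_bins() {
  missing=""
  for b in "$@"; do
    command -v "$b" >/dev/null 2>&1 || missing="$missing $b"
  done
  if [ -n "$missing" ]; then
    echo "missing required binaries:$missing" >&2
    return 1
  fi
}

# Redact secret-looking values in pane text read on stdin.
# The patterns are assumptions about what op and the shell may print:
#  1. the `export OP_SESSION_<shorthand>=...` line from `op signin`
#  2. a service-account token assignment
#  3. bare ops_... tokens (assumed prefix for service-account tokens)
#  4. generic key/value pairs such as `password: x`, `secret=y`, `api_key=z`
redact_pane() {
  sed -E \
    -e 's/(export OP_SESSION_[A-Za-z0-9_]+=)[^[:space:]]+/\1[REDACTED]/g' \
    -e 's/(OP_SERVICE_ACCOUNT_TOKEN=)[^[:space:]]+/\1[REDACTED]/g' \
    -e 's/ops_[A-Za-z0-9_-]{20,}/[REDACTED]/g' \
    -e 's/(([Pp]assword|[Ss]ecret|[Tt]oken|[Aa][Pp][Ii][_-]?[Kk][Ee][Yy])[[:space:]]*[:=][[:space:]]*)[^[:space:]]+/\1[REDACTED]/g'
}

# Run each argument as a command line in a fresh tmux session on a dedicated
# socket, return the redacted capture, and tear the session down.
# Assumption: socket dir comes from the env vars the skill mentions, else TMPDIR.
run_op_in_tmux() {
  socket_dir="${OPENCLAW_TMUX_SOCKET_DIR:-${CLAWDBOT_TMUX_SOCKET_DIR:-${TMPDIR:-/tmp}}}"
  sock="$socket_dir/op-skill-$$.sock"
  sess="op-$$"
  tmux -S "$sock" new-session -d -s "$sess" -x 200 -y 50 || return 1
  for cmd in "$@"; do
    tmux -S "$sock" send-keys -t "$sess" "$cmd" Enter
  done
  sleep 2   # crude wait for output; the flow is still meant to be run interactively
  # Same capture the skill uses (-p print, -J join wrapped lines, -S -200 scrollback),
  # but filtered before it leaves this function.
  tmux -S "$sock" capture-pane -p -J -S -200 -t "$sess" | redact_pane
  tmux -S "$sock" kill-server
}

# Interactive usage (assumes tmux and op are installed):
#   require_bins tmux op && run_op_in_tmux 'op signin' 'op whoami' 'op vault list'
```

The filter is deliberately a blocklist of known shapes, so it should be treated as a last line of defence: the safer change is to avoid sending commands that print secrets into the captured pane at all, and to keep the capture window (`-S -200`) as small as the flow actually needs.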
Install Mechanism
ok: Install uses a Homebrew formula (1password-cli), which is a standard, well-known distribution method for macOS and Linux systems with Homebrew. No arbitrary downloads or archive extraction are used in the install spec.
Credentials
note: The skill does not request secrets or other environment variables, and its declared primary credential is `none`, which is consistent. SKILL.md references OP_ACCOUNT and optional socket-directory env vars (OPENCLAW_TMUX_SOCKET_DIR, CLAWDBOT_TMUX_SOCKET_DIR, TMPDIR), but these are informational or optional and are not declared in requires.env; consider declaring required or recommended env vars, or documenting that they are optional.
Persistence & Privilege
ok: `always` is false, and the skill does not request elevated persistence or modify other skills. Autonomous invocation is allowed (platform default) but is not combined with other high-risk privileges.